AUTHENTICATION FACTORS WITH PUBLIC-KEY INFRASTRUCTURE
Abstract
A user access control system comprising a workstation coupled to a computer network and operable to receive a request for an authenticated access to the computer network, and to prompt for and receive one or more credentials associated with the request, a gating authentication server coupled to the computer network and operable to receive the one or more credentials and to provide as a gating factor an authenticated credential, and a public key infrastructure server coupled to the computer network and operable to generate private/public key pairs associated with the authenticated credential, wherein the private/public key pairs are either generated after a request for access to the computer system has been received at the workstation and the gating authentication server has authenticated the one or more credentials provided through the workstation, or the private/public key pairs are retrieved from a previously generated virtual smart card based on the authentication credential.
25 Claims
1. A user access control system for use in a computer system having user authenticated accesses, the system comprising:
a workstation coupled to a computer network, the workstation operable to receive a request for an authenticated access to the computer network, and to prompt for and receive one or more credentials associated with the request;
a gating authentication server coupled to the computer network and operable to receive the one or more credentials provided through the workstation and to provide an authenticated credential as a gating factor in response to receiving and validating the one or more credentials; and
a public key infrastructure server coupled to the computer network and operable to generate private/public key pairs associated with the authenticated credential, wherein the private/public key pairs are generated after a request for access to the computer system has been received at the workstation and the gating authentication server has authenticated the one or more credentials provided through the workstation.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.
10. A method of authenticating users requesting access on a computer network, the method comprising:
receiving a request for authenticated access to a computer network;
prompting for at least one user credential;
receiving at least one credential in response to the prompt;
validating the received at least one credential by providing authenticated credentials if the received at least one credential is valid;
requesting a temporal private/public key pair and a temporal certificate, wherein requesting includes submitting the authenticated credentials;
receiving the authenticated credentials and generating a temporal private/public key pair and a temporal certificate associated with the authenticated credentials upon receipt of the authenticated credentials; and
granting authenticated access to the computer network using the temporal certificate and the temporal private/public key pair.
Dependent claims: 11, 12, 13, 14, 15, 16, 17.
18. A method of authenticating users requesting access on a computer network, the method comprising:
initiating a smart card logon process;
receiving a request for authenticated access to a computer network;
deceiving a smart card reader driver into believing that a smart card is present;
prompting for at least one user credential;
receiving at least one credential in response to the prompt;
validating the received at least one credential by providing authenticated credentials if the received at least one credential is valid;
requesting a private/public key pair and a certificate based on the authenticated credentials;
in response to the request for a private/public key pair and a certificate, presenting the authenticated credentials to obtain a temporal key pair and a temporal certificate;
submitting the temporal key pair and the temporal certificate to the logon process as if they were read from a smart card; and
granting authenticated access to the computer network using the temporal certificate and the authenticated credentials.
Dependent claims: 19, 20, 21, 22, 23, 24.
25. A machine-readable medium comprising instructions stored on a computer memory, which when implemented by one or more processors perform the following operations:
receiving a request for authenticated access to a computer network;
prompting for at least one user credential;
receiving at least one credential in response to the prompt;
validating the received at least one credential by providing authenticated credentials if the received at least one credential is valid;
requesting a temporal private/public key pair and a temporal certificate, wherein requesting includes submitting the authenticated credentials;
receiving the authenticated credentials and generating a temporal private/public key pair and a temporal certificate associated with the authenticated credentials upon receipt of the authenticated credentials; and
granting authenticated access to the computer network using the temporal certificate and the temporal private/public key pair.
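The logon sequence of claims 10 and 25 (claim 18 adds that the temporal key pair and certificate are handed to an existing smart card logon process), as an added worked example in Go. It is an editor-supplied illustration, not code from the patent or from any product it covers. A gating function validates the credentials entered at the workstation; the PKI server generates a key pair and a short-lived certificate only once it holds the authenticated credential; and the session receives that key pair and certificate only after the certificate has been verified against the logon CA. The password table (user alice), the CA name Example Logon CA, the ten-minute lifetime and the choice of Ed25519 are assumptions made for this example; the smart card reader shim of claim 18 is not modelled.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// AuthenticatedCredential is the gating factor; no key material exists before it is produced.
type AuthenticatedCredential struct{ User string }

// users is a constructed sample password table standing in for a directory service.
var users = map[string][32]byte{"alice": sha256.Sum256([]byte("correct horse battery staple"))}

// Validate plays the gating authentication server: a credential comes back only on a matching password.
func Validate(user, password string) (*AuthenticatedCredential, error) {
	want, known := users[user] // unknown users get a zero hash so the compare still runs
	if got := sha256.Sum256([]byte(password)); subtle.ConstantTimeCompare(want[:], got[:]) != 1 || !known {
		return nil, errors.New("gating authentication failed")
	}
	return &AuthenticatedCredential{User: user}, nil
}

type PKIServer struct { // the logon CA that signs temporal certificates
	caKey  ed25519.PrivateKey
	caCert *x509.Certificate
}

// issue generates a fresh Ed25519 key pair and signs tmpl for it under parent (nil signer: self-signed).
func issue(tmpl, parent *x509.Certificate, signer ed25519.PrivateKey) (ed25519.PrivateKey, *x509.Certificate, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	if signer == nil {
		signer = key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return key, cert, err
}

// NewPKIServer builds a self-signed logon CA, a constructed stand-in for the enterprise PKI.
func NewPKIServer() *PKIServer {
	ca := &x509.Certificate{SerialNumber: big.NewInt(1), IsCA: true, BasicConstraintsValid: true,
		Subject:   pkix.Name{CommonName: "Example Logon CA"}, KeyUsage: x509.KeyUsageCertSign,
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(24 * time.Hour)}
	key, cert, err := issue(ca, ca, nil)
	if err != nil {
		panic(err) // setup failure: nothing downstream can work
	}
	return &PKIServer{caKey: key, caCert: cert}
}

// IssueTemporal generates the key pair only now, after gating authentication, and binds the certificate to cred.
func (p *PKIServer) IssueTemporal(cred *AuthenticatedCredential) (ed25519.PrivateKey, *x509.Certificate, error) {
	now := time.Now()
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(now.UnixNano()), // demo serial; a real CA tracks these
		Subject:      pkix.Name{CommonName: cred.User},
		NotBefore:    now.Add(-time.Minute), NotAfter: now.Add(10 * time.Minute), // skew allowance; assumed TTL
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	return issue(tmpl, p.caCert, p.caKey)
}

// Logon runs the claimed sequence end to end and releases key pair and certificate only once verified.
func Logon(p *PKIServer, user, password string) (ed25519.PrivateKey, *x509.Certificate, error) {
	cred, err := Validate(user, password)
	if err != nil {
		return nil, nil, err // gating factor missing: no key pair is ever generated
	}
	key, cert, err := p.IssueTemporal(cred)
	if err != nil {
		return nil, nil, err
	}
	opts := x509.VerifyOptions{Roots: x509.NewCertPool()}
	opts.Roots.AddCert(p.caCert)
	if _, err := cert.Verify(opts); err != nil { // chain to the logon CA and validity window
		return nil, nil, err
	}
	return key, cert, nil
}

func main() {
	if _, cert, err := Logon(NewPKIServer(), "alice", "correct horse battery staple"); err == nil {
		fmt.Println("access granted to", cert.Subject.CommonName, "until", cert.NotAfter)
	}
}
```

Run with go run to see the subject and expiry of the temporal certificate. A wrong password or an unknown user returns an error before any key pair exists, which is the ordering the claims rely on, and the short NotAfter bounds how long a copied temporal credential stays usable.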